Did Pokémon Go Catch Your Permissions?

Jul 18, 2016 by Omer Yarkowich

2 weeks after its American release, Augmented reality gaming sensation Pokémon Go has taken the world by storm. As millions of users wander the streets collecting Pikachus and Jigglypuffs, the game’s developer Niantic Inc. is collecting information about the collectors themselves. And it’s definitely catching them all.

The iOS version of the game has caused privacy concerns over how much data it has access to. Pokémon players logging into the iOS app with Google accounts grant it certain access permissions by default. But unlike other applications, the game doesn’t display what permissions will be granted, and users grant access to Gmail, Google Drive data, and full access to all data in their Google account.

Like most GPS-based apps, Pokémon Go can tell a lot of things about you based on your movement as you play: where you go, when you went there, how you got there, how long you stayed, and who else was there with you. And, like many developers who build those apps, Niantic keeps that information on its servers. Given the game’s extreme popularity – especially, among children – the amount of data collected in 2 weeks has made those servers a potential target for hackers.

A statement from Niantic, which was previously owned by Google, implies it wasn’t aware of the access settings until it was approached by third parties. “We recently discovered the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account,” its response said. “However, Pokémon Go only accesses basic Google profile information (specifically, your user ID and e-mail address) and no other Google account information is or has been accessed or collected.”

So, while Pokémon Go may not be digging through emails, its privacy policy allows it to give any data it has on you or your location to law enforcement officials or private parties in response to legal requests or even to whatever it may deem an unethical or legally actionable activity. It can also share non-identifying information about you with other companies for what it says are “research and analysis, demographic profiling, and other similar purposes.”

While very few can deny the game’s addictive appeal and even fewer decide to ditch it for privacy concerns, this latest outrage could help bring more awareness to the idea for games to come. Mobile users may be reminded of apps they granted similar permissions but never use, which put them at similar risks, or may think twice the next time they’re prompted to allow a new app into their data.